The Omnibus Trap: Why the New CSRD Thresholds Could Be Your Biggest Risk
- xingmiao chen
- Dec 21, 2025
- 5 min read
By Michael Ozulu
When the headlines broke that the EU had effectively raised the CSRD threshold to 1,000 employees, it felt like a massive win for a lot of C-suite leaders. Mid-sized companies thought they’d dodged a regulatory bullet, and larger groups assumed the pressure had finally eased. However, a closer look at the December Omnibus deal flips the story.
The so-called “Great Deregulation” hasn’t taken the work away; it has simply split it into three very different tiers of responsibility. The risk has moved from “Brussels” to “Business”—into contracts, supply chains, and lending decisions. Here is your new reality, depending on which tier you fall into.
Tier 1. The “Super Giants” (>5,000 employees): The CSDDD Reality
The reporting law (CSRD) starts at 1,000 employees, but the Due Diligence law (CSDDD) kicks in much higher—at 5,000 employees and €1.5bn turnover. If you sit in this top 0.05%, you are no longer just a reporter; you are the enforcer.
· The "Tier 1" Comfort Blanket is Gone: The final deal removed the limitation to "direct partners only." You can’t stop at tier-one audits; you are expected to identify severe risks (forced labour, environmental harms) across your entire chain of activities.
· The "Risk-Based" Pivot: You aren't expected to map every single supplier. Instead, you must run a structured “General Scoping”exercise to triage where the biggest risks sit.
· The Climate Twist: The legal obligation to adopt a transition plan under CSDDD has been dropped (sparing you the liability risk), but CSRD still expects you to report on your transition pathway.
The Trap: You face fines of up to 3% of global turnover if you fail to police your chain. Yet, at the same time, new rules cap how much data you can legally demand from your smaller suppliers. You are squeezed between the regulator on one side and the "Value Chain Cap" on the other.
Tier 2. The “Standard Reporters” (>1,000 employees): The Simplified ESRS
If you are above 1,000 employees but below the CSDDD threshold, you’ve dodged the due diligence law, but you are still firmly in the CSRD reporting camp.
The Good News: The burden has been lightened. The new "Simplified ESRS 2025" cuts the number of mandatory data points by approximately 61%.
Deep Dive Review of Changes in the Simplified ESRS
Element | Old Reality (ESRS 2023) | New Reality (Simplified ESRS 2025) |
General Requirements (ESRS 1) | Dense vocabulary, multiple definitions | Clarification of language + simplification of structure |
ESRS 2 (General Disclosures) | Long, very prescriptive | Lightened, reorganized, more readable |
Fair presentation principle | Fair presentation = text open to interpretation | Clarified but still debated at the SRB |
E1 - Climate | Very heavy (GHG scopes, transition planes, projections, aligned CAPEX/OPEX, etc.) | Strong reduction of data points + more proportionate approach 9999 |
E2 - Pollution | Numerous detailed indicators | Condensation of pollution categories |
E3 - Water & marine resources | High number of sub-requirements | Grouping of key indicators |
E4 - BiodiversityE5 - Resource use & circular economy | Granular reportingHigh level of detail (partial TNFD alignment) | Major simplification, fewer technical requirementsSimplified structure, resized requirements 10 |
S1 - Own WorkforceS2 - Workers in the value chain | Very numerous HR KPIs (turnover, diversity, training...)Demanding processes | Notable reduction of HR indicatorsLightening of documentary indicators 11 |
S3 - Affected communities | Requirements sometimes redundant | Grouping + clarification |
S4 - Consumers and end-users | Narrative and quantitative requirements | Simplification and limitation to material issues |
Role of governance bodiesBusiness conduct (anti-corruption, ethics) | Details on skills, remuneration, ESG supervisionHigh granularity | Lightening and refocusing on truly useful pointsCondensed indicators + more pragmatic approach 12 |
Exemptions | Few | Introduction of true reliefs (allowances) |
Proportional approach | Weak | Possibility of exemptions if burden is disproportionate 13 |
Phase-in | Restricted | Expanded and clarified |
ISSB Alignment | Partial alignment | Strong reinforcement of interoperability without losing the European logic |
Terminology and structure | Notable divergences | Better harmonization |
The Bad News (The Value Chain Cap):
You now must play by a hard rule: when dealing with smaller suppliers (<1,000 employees), you are legally forbidden from bombarding them with sprawling, 50-page ESG questionnaires. You are expected to stay within a simplified, standardised “VSME” set of data points. You don’t just need more data. You need a way to ask less and still get exactly what you need.
Tier 3. The “Exempt” (<1,000 employees): The Commercial Risk
On paper, you’re out. In practice, you’re more exposed than you think. You didn’t receive a free pass; you got privatized. Instead of sending disclosures to Brussels, you’ll be sending them to the giants above you—your largest customers, lenders, and buyers. They are facing enforcement and reputational risk (Tier 1 & 2), and they will push that pressure straight down the chain.
Your biggest clients will increasingly say:
"We’re still in scope. We still need clean, consistent ESG and climate data. If you can’t give it to us in the format we need, we’ll find someone who can."
Your Challenge: You don’t need a 200-page CSRD scroll. You need a sharp, defensible VSME Pack—a standardised mini-report including:
· Energy Consumption (MWh)
· Gross Scope 1 & 2 GHG Emissions
· Pollution & Water usage (only if material)
· Workforce Headcount & Health/Safety Incidents
If you can’t produce this "VSME Pack" instantly when Siemens, VW, or BNP Paribas asks for it, you are at risk of losing revenue.
The Problem We Solve: One Platform for All Three Tiers
Most software wasn’t built for this three-tier Omnibus reality. It either assumes you’re a giant with a huge ESG department, or a micro-firm with a basic carbon calculator.
That’s why DT Carbon Nature built a CCBP (Corporate Climate & Biodiversity Platform) that is tier-aware from the ground up:
· For CSDDD Super Giants (>5,000): A deep-tier risk-mapping engine that guides your “General Scoping” exercise, helping you spot severe risks without breaching the new limits.
· For CSRD Reporters (>1,000): A streamlined reporting core aligned with the Simplified ESRS, so you focus on the ~320 mandatory data points instead of wasting cycles on the 700+ deleted metrics.
· For “Exempt” Suppliers (<1,000): A focused VSME Mode that strips out noise and zeroes in on the exact formats (Basic Module vs. Comprehensive Module) your key customers are allowed to request—lighter, faster, and genuinely audit-ready.
What To Do Now
The regulation may have slowed down. The market hasn’t.
· If you’re large: You need to automate supplier data collection before your team drowns in the complexity of the Value Chain Cap.
· If you’re mid-sized: You need a VSME pack that protects existing contracts and makes you the low-risk choice in tenders.
Don’t let a regulatory “win” turn into a commercial loss.
Is your data strategy ready for the Omnibus reality?
Stop guessing! Schedule a call with us - https://calendly.com/mia-dtmastercarbon/30min
In one conversation, we’ll pinpoint your status (CSDDD, CSRD, VSME or any ESG compliance) and show you how to automate the hard parts—before they turn into fire drills.